Yesterday with both the House and Senate in session there
were 55 bills introduced. Of those three may receive additional coverage in
this blog:
S
3033 A bill to establish a K-12 education cybersecurity initiative, and for
other purposes. Sen. Peters, Gary C. [D-MI]
S
3040 A bill to amend the Higher Education Act of 1965 to include teacher
preparation for computer science in elementary and secondary education. Sen.
Rosen, Jacky [D-NV]
S
3045 A bill to amend the Homeland Security Act of 2002 to protect United
States critical infrastructure by ensuring that the Cybersecurity and
Infrastructure Security Agency has the legal tools it needs to notify private
and public sector entities put at risk by cybersecurity vulnerabilities in the
networks and systems that control critical assets of the United States. Sen.
Johnson, Ron [R-WI]
Cybersecurity Education
Actually, I doubt that S 3033 and S 3040 will contain
language specifically including control system security processes in the
required curriculum. That would normally mean that I would not cover these
bills here. So I will take this opportunity to get a screed about K-12
education out of my system.
Students are in the K-12 education environment for 13 years
for something like 9 months out of the year. A typical school day (minus
extracurricular activities) last six to eight hours. In that brief time students
are exposed to the basic knowledge necessary for participation in our society.
Back in the dark ages when I went to school that consisted of reading, writing,
arithmetic, foreign language, history and the arts with a smattering of
physical education. Each year the components of those basics became more
complex, building on the previous knowledge gained. And the school day was
rather full.
Whenever we add new curriculum to that base, decisions have
to be made about where the time for teaching the new material will be added. We
could increase the number of hours at school, but that would cut into
extracurricular activities and besides students can only be expected to take so
much time sitting around learning. The alternative it to reduce the time it
takes to teach the other subjects or to remove some of those subjects.
It would seem to me that anytime we legislatively attempt to
expand the required knowledge base we must also determine where the time will
come from to add that instruction. Unfortunately, congresscritters are
notorious for adding program requirements without adding resources to effect those
requirements. Just let the affected managers make the hard decisions. That way
the complaints will be focused on them not congresscritters.
CISA Subpoenas
S 3045 has been in the works for a while now. I have not yet
seen the bill, but press accounts (see here
for instance) make this seem like a good idea. It would apparently give CISA
that power to issue subpoenas to Telecoms to require them to provide contact
information for internet addresses where CISA has identified a critical infrastructure
vulnerability. That would allow CISA to contact the vulnerable party and work
with them to mitigate the vulnerability. Motherhood and Apple Pie, who can
object to that? Of course, the devil is in the details.
Posts
No comments:
Post a Comment